How to fix CVE-2025-47792?

Within 30 days: Identify affected systems running versions of Nextcloud Desktop and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Is Desktop affected by CVE-2025-47792?

Organizations using versions of Nextcloud Desktop should be aware of moderate risk from CVE-2025-47792, a improper access control vulnerability rated CVSS 5.0. Exploitation could compromise the security of affected deployments.

CVE-2025-47792

MEDIUM

2025-05-16 [email protected]

5.0

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:42 vuln.today

Patch Released

Mar 28, 2026 - 18:42 nvd

Patch available

CVE Published

May 16, 2025 - 15:15 nvd

MEDIUM 5.0

Description

Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available.

Analysis

Nextcloud Desktop is the desktop sync client for Nextcloud. Rated medium severity (CVSS 5.0).

Technical Context

This vulnerability is classified under CWE-284. Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available. Affected products include: Nextcloud Desktop. Version information: prior to 3.15.

Affected Products

Nextcloud Desktop.

Remediation

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +25

POC: 0

CVE-2025-47792 vulnerability details – vuln.today

Back

CVE-2025-47792

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-47792

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code